Child Porn Ransomware Warning

Outline
Circulating message warns users about a type of virus that locks files on the infected computer and threatens to inform the police that the victim has been downloading child porn if he or she does not pay a fee to have incriminating files removed.

Brief Analysis
The threat described is real. This type of attack, known as Ransomware, has increased significantly over the last year or so. Some versions simply encrypt files on the infected computer and demand payment to unlock them. However, other, more sinister, variants not only lock down files, but also threaten to send an unlocking password to police that will supposedly reveal incriminating child pornography on the infected computer if victims do not pay.

Example

WARNING WARNING WARNING: THIS IS NOT A JOKE AND I DON'T KNOW IF IT IS AN OLD VIRUS OR A NEW ONE. ONE OF OUR LAPTOPS IN THE HOUSE HAS BEEN INVADED BY A VERY NASTY VIRUS. IT COMES UP AS A POLICE WARNING WITH VERY CONVINCING LOGOS AND WARNINGS AND ACCUSES YOU OF DOWNLOADING CHILD PORN. TO REINFORCE THIS FACT THERE ARE SOME VERY NASTY PICTURES INCLUDED. IT WARNS THAT IF YOU DON'T PAY THE SUM OF £100 WITHIN 12-24 HOURS TO HAVE IT REMOVED THEN THEY WILL INFORM THE POLICE. ONCE THIS GETS INTO YOUR SYSTEM IT WIPES EVERYTHING ELSE OUT AND THERE IS NO WAY YOU CAN GET INTO SAFE MODE OR ANYTHING ELSE TO GET RID OF IT. THE POLICE ARE AWARE OF THIS SCAM AND VIRUS AND WE HAVE REPORTED IT TO THEM. PLEASE PASS THIS AROUND AS A MATTER OF URGENCY AND PLEASE ENSURE YOUR SAFETY PROTOCOLS ARE TOP LINE. IT CAN COME THROUGH NORMAL WEB SITES.

Detailed Analysis
This warning message, which is currently circulating via social media, describes a type of cyber attack that locks down computer files and threatens to send incriminating child porn material to police if the victim does not pay a fee immediately. According to the message, victims will not be able to access any of the files on the infected computer or get rid of the threat. The message explains that the threat displays a window on the infected computer, made to look like an official police warning, that accuses the user of downloading child pornography.

The information in the warning is basically factual. While the type of threat described, called "Ransomware", has been around in various forms for years, it has become much more prevalent in recent months.

Simply put, ransomware locks up the files on the infected computer so that victims cannot access them. Removing the malware and regaining access to the locked files can be quite difficult, especially for users without advanced technical knowledge. Victims are typically told that they must pay a fee to the attackers to restore access to their files. Victims are informed that, once they have paid the requested fee and sent an ID code to a specified email address, they will receive a password that will allow them to unlock the infected computer.

Those who do not have recent backups of their important files may see no option other than to pay up as requested. However, users who do pay may then be told that they must make further payments before receiving the promised password. In other cases, the criminals may simply disappear, leaving the victim out of pocket and still locked out of his or her computer.

Some alternative versions may tell victims that they must download software from a specified website that will remove the ransomware and unlock the encrypted files. However, this supposed fix, while it may actually unlock the computer, is likely to contain other kinds of malware that will allow criminals to steal information and control the infected computer remotely.

There have been various incarnations of the scam, some of which claim to have been sent by police agencies, including America's FBI, the UK's Metropolitan Police and Germany's Federal Office for Information Security.

And, as noted in the circulating warning message, some versions add an even more sinister twist by threatening to tell police that there is child pornography on the victim's computer if they don’t pay up. These versions claim that, if the victim does not send the required fee within a specified time frame, the attackers will send a special password to police that will reveal incriminating child porn material on the victim's computer.

Even if people who receive these versions do have backups and are not immediately concerned about regaining access to the locked files, they may be panicked into paying up to avoid the potential threat of criminal charges and public humiliation.

Thus, the core claims in the circulating warning message are valid and worth heeding. Unfortunately, the author of the warning has written it in ALL CAPS. Given that many computer security hoaxes tend to be rendered in all capital letters, some recipients may dismiss it as just another bogus warning.

Moreover, the threats described are actually malware, not viruses. While, these days, the two terms are often used interchangeably, there are in fact significant differences in how these threats behave and how they can best be combatted.

Also, the suggestion in the warning that you cannot do anything to get rid of the malware is potentially misleading. As noted below, there are ways of removing ransomware without paying up.

So, what to do if your computer does become infected with ransomware? Firstly, don't panic. Resist any urge to pay up. Authorities are now well aware of such ransomware attacks. Don't be fooled by idle criminal threats that you will be charged by police if you do not pay up. As noted earlier, there is certainly no guarantee that paying the requested fee will get your locked files back. And, by complying, you will be lining the pockets of criminals and encouraging them to continue such attacks.

And, as always, being prepared is half the battle. Always make regular backups of your computer files. If you have recent backups, you should ultimately recover well from a ransomware attack, even if your computer needs to be reformatted.

Ensure that your operating system, browsers and other software applications always have the latest updates. Use up-to-date anti-virus and anti-malware programs to protect your computer. Use a firewall.

And use caution and common sense when following links, opening email attachments or downloading software.

Last updated: March 25, 2013
First published: March 25, 2013
By Brett M. Christensen